One of the important phases in the life of an IT system is post-production, and one of the major challenges there is identifying issues. When multiple applications write different logs to different systems, it is important to collate them in one place so the IT team can manage them. This is where the ELK stack comes to the rescue. In this tutorial, I will cover what ELK is and how to aggregate the logs from different microservices and push them to one common location.

What Is ELK?

ELK is an acronym for Elasticsearch, Logstash, and Kibana. It is open-source software owned by Elastic.

Elasticsearch is an Apache Lucene-based search engine that stores, searches, and analyzes huge volumes of data in near real time. Elasticsearch can be installed on-premise or used as a SaaS application.

Logstash is the log aggregator; it runs a pipeline that takes input, filters the data, and sends the output. Logstash can take logs from various sources using different input plugins and send the output in the desired form to the desired destination.

Kibana is a tool for visualizing Elasticsearch data. It comes as a plugin with Elasticsearch. Elasticsearch and Kibana can be deployed as a cloud service hosted on AWS or GCP. Kibana can also be installed on on-premise infrastructure. In this tutorial, we will use the Docker image of ELK and set it up on EC2.

Design Architecture:

In the above design, different microservices emit logs. We will use the Syslog driver to push the logs generated by the different microservices to Logstash, which will filter them and push them to Elasticsearch. All the aggregated logs will be visible in Kibana.
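As an added illustration of the pipeline stages described above (input, filter, output) and of how per-service logs arrive through the syslog driver, here is a small Python stand-in for what the Logstash pipeline does. It is not code from this tutorial and not Logstash itself; it assumes Docker's syslog logging driver started with --log-opt syslog-format=rfc3164 and --log-opt tag="{{.Name}}", so the syslog tag is the container (microservice) name. The log lines, hostname and service names are constructed.

```python
import re

# Constructed RFC 3164 lines of the shape the Docker syslog driver emits with
# syslog-format=rfc3164 and tag="{{.Name}}". Facility 3 (daemon) is Docker's default.
# The last line is a stray non-syslog line, to show how parse failures are kept.
SAMPLE_SYSLOG = [
    "<30>Mar  5 10:15:01 app-host order-service[2219]: GET /orders/42 200 12ms",
    "<27>Mar  5 10:15:02 app-host payment-service[2241]: charge failed: card_declined",
    "<28>Mar  5 10:15:03 app-host auth-service[2262]: login failed for user=bob",
    "garbage",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                   # <PRI>
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "  # Mar  5 10:15:01
    r"(?P<host>\S+) "                                        # hostname
    r"(?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: "               # tag[pid]:
    r"(?P<msg>.*)$"                                          # free-text message
)

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(line):
    """Input stage: split one RFC 3164 line into fields, or return None if it doesn't match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))  # PRI = facility * 8 + severity
    return {
        "facility": pri // 8,
        "severity": SEVERITY[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "service": m.group("tag"),  # container name, i.e. the microservice
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
        "tags": [],
    }


def run_pipeline(lines):
    """Filter + output stages: return Elasticsearch-ready documents.

    Lines that fail to parse are not dropped; like Logstash's _grokparsefailure,
    they are kept with the raw text so a gap in parsing is visible in Kibana."""
    docs = []
    for line in lines:
        doc = parse_syslog(line)
        if doc is None:
            doc = {"message": line, "tags": ["_parsefailure"]}
        docs.append(doc)
    return docs
```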

Setting Up ELK on EC2

We will be setting up ELK on an EC2 Ubuntu machine using the official Docker images. Log in to the EC2 server and create a directory called "elk" under /home/ubuntu/.